This post is a preview of our new Endpoint Security Buyer's Guide, which you can download here. I'd love to hear your feedback, so take a look then come back and let me know what you think in the comments below.
Cybersecurity budgets may be growing (Gartner estimates global spending will surpass $100 billion in 2018), but that doesn't mean you have money (or credibility) to waste on the wrong tools. One thing that's never fun is having to go back to your boss to explain why that product you fought so hard for wasn't what you actually needed. That's not exactly the best opening argument for why he or she should feel confident you've found the right solution this time around.
In order to avoid that unpleasant conversation altogether, it's best to be picky. To help you get all the information you need to make a smart buying decision the first time around, here are five common mistakes to avoid, with illustrative examples featuring the world's worst Dodge Durango salesman, Ron Burgundy.
Lesson from Ron: What's important to a vendor may or may not be the most important thing for you.
Most security vendors are all too happy to tell customers what features are important to look for in a product (hint: it's usually the ones they offer). The trouble, of course, is when you’re a hammer, every problem looks like a nail.
Rather than get caught up in vendor jargon and buzzwords (who needs 25 "MPGs"?) and follow them down their respective rabbit holes, a better approach is to focus on your own specific security needs and priorities first. Answering the following three questions can help you surface what those are:
Not only will arming yourself with this list of goals help you narrow down your search, it will also help you keep conversations with vendors centered squarely around your problem rather than solely the answers they're selling. Remember, the point is to home in on the kinds of tools that are going to help not just anyone, but you, specifically.
When you’re researching products or talking with vendors it can be easy to get a little too focused on the features being offered and lose sight of whether or not those features a) actually address your primary problem; b) are things you can actually utilize and manage with the time, staff, and resources you have at your disposal.
Every product has a "sweet spot" in terms of the conditions it works best in. As a potential customer, it's your job to find out what that is. Some vendors are going to be more up front about it than others. For example, many security solutions (especially detection and response tools — more on those later) require considerable in-house expertise and dedicated personnel to manage, but that may not be immediately clear on a vendor's website.
Also keep in mind that whenever security vendors talk about their products they tend to highlight examples and situations where the conditions were just right for their product to work best. If those conditions match your own situation, great! Otherwise, you're going to want to ask for examples of what implementation has looked like for organizations that are more similar to yours.
Questions to ask:
The answers should give you a more realistic idea of what you can expect, what’s required, and whether or not managing a particular solution is actually feasible.
Lesson from Ron: You should really take the time to put a new product through the paces.
You can research all the options, read Gartner reports and peer reviews, even sit through demos, but the truth is you won’t really know what it’s like to use and integrate a solution until you try it out in the real world.
If you work for a larger organization an evaluation period may be baked into your buying process already, but if that’s not the case it’s important to leverage any free trial period (which more and more vendors are offering) to take the product out for a spin, try to break it, and see how it operates in your specific conditions.
To make sure you’re taking full advantage of any free trial, download the Trial To-Do Checklist that’s part of our Endpoint Security Buyer’s Guide.
Lesson from Ron: If a new product actually makes a task more complicated it may not be worth it.
Another argument for trying a product before you buy is making sure it not only does what it says it's going to do, but that it plays nice with your other applications. Baseline, you want to make sure fixing one problem isn't causing others — adding too much complexity, crashing other programs, reporting a lot of false positives, introducing compatibility issues, flooding other systems with too much or problematic data, etc.
Beyond that, you also want to confirm the new software integrates well within your current security stack, especially if that's a key selling point.
Example: Will a new endpoint solution work well alongside your existing antivirus, or will it require you to rip and replace it? Will it generate data you can feed into downstream detection and response tools like a SIEM? The answers to these questions should inform the types of tests you conduct during a trial.
Lesson from Ron: More is only better if it's more of the right thing.
As confidence in the capability of antivirus to detect new and advanced malware continues to slip (86% of professionals plan to replace or augment their existing antivirus products), companies are being left with the understanding that they need to do more, but without much clarity around what exactly that "more" should be.
The answer an increasing number of security vendors are jumping to is that "more" should mean gathering more data in the form of monitoring and detection tools. Since antivirus isn't working and you're bound to be infected at some point, the thinking goes, you shouldn't worry so much about trying to prevent attacks and should focus on detecting and responding to them instead.
The biggest problem with that approach is that it's reactive. Once malware has landed and executed on a machine, it can begin spreading and causing damage almost immediately (ransomware is a perfect example — it only needs minutes or seconds to encrypt a sizable chunk of files). That means waiting to respond to attacks until after they've been initiated can push up your costs. The old adage "an ounce of prevention is worth a pound of cure" is still very much true.
As Barkly co-founder and CTO Jack Danahy puts it, "Monitoring and response are vital, but lumping them together under the term 'protection' is like saying hospitals are a form of protection against breaking your leg or catching the flu." Many of us would agree getting a flu shot is far preferable (and more cost effective) to getting sick and having to take off work and get treatment after the fact.
It's easy for buying new security to become overly complicated and time consuming. Learn how to streamline the process by downloading our new Buyer's Guide below.
Photo by Mike Poresky